[INACTIVE]"Popups warning of infection".

  • 1 Replies
  • 2040 Views
*

Offline JamesNH

  • Bronze Member
  • 1
[INACTIVE]"Popups warning of infection".
« on: September 22, 2008, 02:49:00 PM »
I was browsing the net today and started getting this pop up and then I pressed ctrl+alt+delete and it says that it has been "Task manager has been disabled by your administror". I am the administrator. So Any assistance would help... I dont have a previous backup of hijackthis as I just installed it to get this issue resolved.

 

Also, I dont know if this is worth noting or not but I am running windows XP.

 

The " Log" file

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05: VIRUS ALERT!, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\tclock2_120\tclock2.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft IntelliPoint\IPoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\SmartFTP Client\SmartFTP.exe
C:\Office\Office12\OUTLOOK.EXE
D:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\123FlashChatServer5.0\server\wrapper.exe
C:\Program Files\123FlashChatServer5.0\server\jre\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\uTorrent-1.6\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {B374AEEE-5CB5-4735-8E54-1E6BC34C0AFA} - C:\WINDOWS\dfmlxbpkmkn.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll
O3 - Toolbar: peltodgx - {7CE724E9-645E-4D3D-A273-8ED63BFA0136} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /F U "C:\WINDOWS\TEMP\E_S868.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Glass2k.lnk = C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe
O4 - Startup: panther.CurXPTheme.lnk = ?
O4 - Startup: tclock2.lnk = C:\Program Files\tclock2_120\tclock2.exe
O4 - Startup: TrueTransparency.lnk = C:\Program Files\TrueTransparency\TrueTransparency.exe
O4 - Startup: UberIcon.lnk = C:\Program Files\UberIcon\UberIcon Manager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: onfwbsak - {8E6F7911-465F-46D7-9C81-7DF93933304E} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: rwlfsdmk - {61A6353C-0162-46A2-8928-3C88DC747FF7} - C:\WINDOWS\rwlfsdmk.dll
O23 - Service: 123 Flash Chat Server 5.0 - Unknown owner - C:\Program Files\123FlashChatServer5.0\server\wrapper.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8752 bytes
« Last Edit: November 06, 2008, 05:55:51 PM by Taz71498 »

*

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: "Popups warning of infection".
« Reply #1 on: September 22, 2008, 02:54:01 PM »
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan.

    If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
     If you encounter any problems while downloading the updates, manually download them from here
    and just double-click on mbam-rules.exe to install.

    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad.
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply and exit MBAM.
      Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
       Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
      Disabled Veteran
      U.S.C.G. 1972 - 1978
      Membership: U.N.I.T.E., A.S.A.P.

      2009-13

      Performance and Maintenance for Windows XP, Windows Vista and Windows Seven